Federal Bank Regulatory Guidance on Notifications to Customers and Regulators following Breach of Security
On March 23, 2005, federal regulators issued "guidance" to regulated banks and financial institutions relating to identity theft and personally identifiable information. The joint guidance was issued by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision.
As summarized in the agencies' press release, a regulated financial institution's information security program must now include a response program, with customer notification, for security breaches affecting "sensitive customer information."
The response program should include procedures to notify customers about incidents of unauthorized access to customer information that could result in substantial harm or inconvenience to the customer.
The guidance provides that, "when a financial institution becomes aware of an incident of unauthorized access to sensitive customer information, the institution should conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused."
"If the institution determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible," the guidance states. However, customer notice may be delayed if an appropriate law enforcement agency determines that notification will interfere with a criminal investigation and requests the delay in writing.
Under the guidance, a financial institution should notify its primary federal regulator of a security breach involving sensitive customer information, whether or not the institution notifies its customers.
Service providers who have access to such customer information should adopt their own compliance programs as well.
Posted: March 25, 2005
Further reading: Privacy Laws affecting Outsourcing: 2005 Legislative Agenda, as of March 25, 2005